The App Store is Now a Medical Device Distributor: Unpacking the New MDCG Guidance
The regulatory grey zone for digital health in the European Union has finally cleared. In a landmark move, the EU's Medical Device Coordination Group (MDCG) has issued the MDCG 2025-4 Guidance, a document that fundamentally reshapes the responsibilities for medical device software (MDSW) and Software as a Medical Device (SaMD) distributed through major online platforms.
The new guidance officially confirms what many in the industry have been advocating for: app stores operated by tech giants like Apple and Google are now explicitly classified as **Medical Device Software Distributors** under Article 14 of the EU's Medical Device Regulation (MDR) and In Vitro Diagnostic Regulation (IVDR). This decision ends the long-standing ambiguity and places direct legal liability on these platforms for the medical device apps they make available to the public.
What This Changes: A New Era of Shared Accountability
For years, app stores have operated as seemingly neutral platforms. The MDCG 2025-4 guidance, particularly section 3.2, changes this dynamic entirely. It establishes that when these platforms make MDSW available, they are active participants in the regulatory supply chain. This shift has profound implications for both the platform operators and the developers creating innovative digital health solutions.
-
For Platform Operators (Apple, Google, etc.)
The new classification as "distributors" brings significant legal responsibilities. These tech giants are now obligated to ensure that any app qualifying as a medical device complies with the stringent requirements of the MDR and IVDR *before* it is made available on their stores. Their new duties include:
• Verifying that the app has undergone the necessary conformity assessment and bears the proper CE marking.
• Ensuring that the manufacturer has provided all required compliance documentation, including a declaration of conformity and information for safe use.
• Cooperating with competent authorities in case of recalls or safety issues, and holding a legal liability for distributing non-compliant medical device software. -
For SaMD and Digital Therapeutics Developers
While this adds a new layer of scrutiny, the guidance is largely positive for developers. It provides a much clearer and more predictable regulatory pathway, removing the uncertainty that has plagued the industry. Key benefits include:
• Reduced Compliance Ambiguity: Developers now have defined distributor responsibilities, answering the long-held question of whether to use app stores for their digital therapeutics.
• Shared Accountability: The burden of compliance is no longer solely on the manufacturer. Platform operators now share in the accountability, helping to close gaps in traceability and better protect patients from harmful or faulty digital health apps.
• Enhanced Patient Safety: By ensuring that only compliant, safe, and effective medical device apps reach the market, the new framework strengthens the entire digital health ecosystem and builds patient trust.
The Reality Check: From Guidance to Implementation
While this guidance provides much-needed clarity, the road ahead will be complex. The immediate challenge is implementation. How will massive platforms like the Apple App Store and Google Play adapt their review processes to effectively verify MDR and IVDR compliance for thousands of health apps? What level of technical documentation will they require from developers?
The next 12 to 24 months will be a critical adaptation period for both sides. We will likely see platforms developing new, specialized submission portals and review teams dedicated to medical device apps. Developers, in turn, must be prepared to provide robust compliance and technical documentation as a standard part of their app submission process. Furthermore, it remains to be seen how this interpretation will be adopted and enforced across different jurisdictions like the UK and Australia, which often look to the EU for regulatory precedent.
Conclusion: A Maturing Digital Health Landscape
The MDCG 2025-4 guidance marks a coming-of-age for the digital health industry. It signals that software is no longer on the fringes of healthcare but is a core component that must adhere to the same standards of safety and efficacy as traditional medical devices. We are witnessing a new era of software accountability, where even the world's largest tech platforms must comply with established rules and assume their critical role in the safe distribution of digital health solutions.